[rancid] Re: F5 load balancer support
Sam Munzani
smunzani at comcast.net
Mon Jul 16 16:48:52 UTC 2007
David,
Thanks a lot for the tip. This worked well. Now f5login goes much more
cleaner and the "root" doesn't set sent again. I still have other issues
where rancid-run is backing up config properly but I am still
troubleshooting it.
Now here is a question. What does "bldshgalsjd" mean and how does it do
this miracle?
Thanks,
Sam
> Thanks for this tip, turns out that this is also the reason the
> username gets entered at a prompt on the cisco IPS devices. Since it's
> using SSH and therefore doesn't need a username prompt, solution was
> to simply add in .cloginrc:
>
> add userprompt ids* bldshgalsjd (<- something that won't get sent
> during login)
>
> Regards,
>
> David
>
> On 14/07/07, Lance <rancid at gheek.net> wrote:
>> Sam,
>>
>> Have you tried using telnet to login, if the f5 has it enabled.
>> You may also want to set auto enable in your .cloginrc for this device
>> as it looks to clogin as you are already in a cisco equivalent equal to
>> enable since your prompt has a # sign in it.
>>
>> Looking at your next email along with this one it looks like you are
>> already in a cisco equivalent of enable after you login. f5login seems
>> to be sending your username of root as a command after you get connected
>> because it sees this line "Last login: Fri Jul 13 14:38:03 2007 from
>> 172.24.100.12" and it matches on the word "Login". See below.
>>
>> "(Username|Login|login|user name):"? yes
>>
>> expect: set expect_out(0,string) "login:"
>>
>> expect: set expect_out(1,string) "login"
>>
>> expect: set expect_out(spawn_id) "exp4"
>>
>> expect: set expect_out(buffer) " \r\nLast login:"
>>
>> send: sending "root\r" to { exp4 }
>>
>> expect: continuing expect
>>
>> You are just using a Cisco login/parsing script so it expects prompts
>> from a Cisco device and in this case you have a *nix SSH banner that
>> gets interrupted. I know you can use RANCID to backup *nix systems. So
>> it knows how to understand connecting to a *nix system. You might want
>> to try this email thread which asks about backing up Linux conifgs.
>> "http://www.shrubbery.net/pipermail/rancid-discuss/2006-August/001649.html"
>>
>> Or you could modify the existing f5login like so.
>>
>> I think you have to use the carrot before the () to work. I haven't
>> checked this as I am at home and not on a UNIX system right now. Sorry
>> to lazy to check it out right now. You might want to uncomment the line
>> below 3. and comment out the line below 2. and see if that works. This
>> is the only point in the code that I see it look for login in any line.
>> If that doesn't work send me back the debug and I will see what I can
>> do. I am sure some people that use expect more often then I can probably
>> quickly tell you what to use as syntax there.
>>
>> # Figure out prompts
>> set u_prompt [find userprompt $router
>> if { "$u_prompt" == "" } {
>> #1. ORIGINAL
>> #set u_prompt "^(Username|Login|login|user name):"
>> #2. Modified to read for a line beginning with
>> Username,Login,login, or
>> user name.
>> set u_prompt "^(Username|Login|login|user name):"
>> #3. Modified to read for a line beginning with Login or login.
>> but I
>> may be wrong
>> #set u_prompt "^(Username|^Login|^login|user name):"
>> } else {
>> set u_prompt [join [lindex $u_prompt 0] ""]
>>
>>
>> Let me know if this works for you.
>>
>> -Lance
>>
>> > -------- Original Message --------
>> > Subject: Re: [rancid] F5 load balancer support
>> > From: Sam Munzani <smunzani at comcast.net>
>> > Date: Fri, July 13, 2007 2:30 pm
>> > To: Lance <rancid at gheek.net>
>> > Cc: rancid-discuss at shrubbery.net
>> >
>> > Lance,
>> >
>> > F5 login works fine with a minor error.
>> >
>> > $ f5login test-f5-01
>> > test-f5-01
>> > spawn ssh -c 3des -x -l root test-f5-01
>> > Password:
>> > Last login: Fri Jul 13 14:26:28 2007 from 172.24.100.12
>> > root
>> > [root at test-f5-01:Active] config # root
>> > -bash: root: command not found
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> > [root at test-f5-01:Active] config #
>> >
>> > I don't know how to debug otherwise I would turn on debug too. If you
>> > can provide some hints on debug, I would appreciate it.
>> >
>> > Thanks,
>> > Sam
>> > > What error(s) do you get when you try to run your f5rancid?
>> > >
>> > > Where does it fail if you debug your f5login?
>> > >
>> > >
>> > > -lance
>> > >
>> > >
>> > >> -------- Original Message --------
>> > >> Subject: [rancid] F5 load balancer support
>> > >> From: Sam Munzani <smunzani at comcast.net>
>> > >> Date: Fri, July 13, 2007 12:45 pm
>> > >> To: rancid-discuss at shrubbery.net
>> > >>
>> > >> Hi,
>> > >>
>> > >> Did anybody happened to hack one of Cisco scripts to support
>> BigIP F5
>> > >> boxes? It should be pretty simple. All I want to do is login and
>> > type "b
>> > >> list" which is equivalent of "show run" on cisco.
>> > >>
>> > >> However for some reason things not working. All I did was copied
>> > clogin
>> > >> to f5login, copied rancid to f5rancid and added following to
>> > rancid-fe.
>> > >> elsif ($vendor =~ /^f5$/i) { exec('f5rancid',
>> $router); }
>> > >>
>> > >> Then modified f5 rancid file and kept only one command in list of
>> > >> commands "b list".
>> > >>
>> > >> For some reason its not working. I can post my configs here if
>> > somebody
>> > >> like to see them.
>> > >>
>> > >> Thanks,
>> > >> Sam
>> > >> _______________________________________________
>> > >> Rancid-discuss mailing list
>> > >> Rancid-discuss at shrubbery.net
>> > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>> > >>
>> > >
>> > >
>> > >
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>
More information about the Rancid-discuss
mailing list